Waveform level adversarial example generation for joint attacks against both automatic speaker verification and spoofing countermeasures. (November 2022)
- Record Type:
- Journal Article
- Title:
- Waveform level adversarial example generation for joint attacks against both automatic speaker verification and spoofing countermeasures. (November 2022)
- Main Title:
- Waveform level adversarial example generation for joint attacks against both automatic speaker verification and spoofing countermeasures
- Authors:
- Zhang, Xingyu
Zhang, Xiongwei
Liu, Wei
Zou, Xia
Sun, Meng
Zhao, Jian - Abstract:
- Abstract: Adversarial examples crafted to deceive Automatic Speaker Verification (ASV) systems have attracted a lot of attention when studying the vulnerability of ASV. However, real-world ASV systems usually work together with spoofing countermeasures (CM) to exclude fake voices generated by text-to-speech (TTS) or voice conversion (VC). The deployment of CM would reduce the capability of the adversarial samples on deceiving ASV. Although additional perturbations against CM may be generated and put on the crafted adversarial examples against ASV to yield new adversarial examples against both ASV and CM, those additional perturbations would however hinder the examples' adversarial effectiveness on ASV. In this paper, a novel joint approach is proposed to generate adversarial examples by considering attacking ASV and CM simultaneously. For any voice from TTS, VC or a real-world speaker, our crafted adversarial perturbations will turn its original labels on CM and speaker ID to bonafide and some target speaker ID, correspondingly. In our approach, a differentiable front-end is introduced to replace the conventional hand-crafted time–frequency feature extractor. Perturbations can thus be estimated by updating the gradients of the joint objective of ASV and CM on the waveform variables. The proposed method has demonstrated a 99.3% success rate on white-box logical access attacks to deceive ASV and CM simultaneously, which outperforms the baselines of 65.3% and 36.7%.Abstract: Adversarial examples crafted to deceive Automatic Speaker Verification (ASV) systems have attracted a lot of attention when studying the vulnerability of ASV. However, real-world ASV systems usually work together with spoofing countermeasures (CM) to exclude fake voices generated by text-to-speech (TTS) or voice conversion (VC). The deployment of CM would reduce the capability of the adversarial samples on deceiving ASV. Although additional perturbations against CM may be generated and put on the crafted adversarial examples against ASV to yield new adversarial examples against both ASV and CM, those additional perturbations would however hinder the examples' adversarial effectiveness on ASV. In this paper, a novel joint approach is proposed to generate adversarial examples by considering attacking ASV and CM simultaneously. For any voice from TTS, VC or a real-world speaker, our crafted adversarial perturbations will turn its original labels on CM and speaker ID to bonafide and some target speaker ID, correspondingly. In our approach, a differentiable front-end is introduced to replace the conventional hand-crafted time–frequency feature extractor. Perturbations can thus be estimated by updating the gradients of the joint objective of ASV and CM on the waveform variables. The proposed method has demonstrated a 99.3% success rate on white-box logical access attacks to deceive ASV and CM simultaneously, which outperforms the baselines of 65.3% and 36.7%. Furthermore, transferability on black-box and physical settings has also been validated. … (more)
- Is Part Of:
- Engineering applications of artificial intelligence. Volume 116(2022)
- Journal:
- Engineering applications of artificial intelligence
- Issue:
- Volume 116(2022)
- Issue Display:
- Volume 116, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 116
- Issue:
- 2022
- Issue Sort Value:
- 2022-0116-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-11
- Subjects:
- Automatic speaker verification -- Spoofing countermeasures -- Adversarial example -- Joint attack -- Waveform gradients
Engineering -- Data processing -- Periodicals
Artificial intelligence -- Periodicals
Expert systems (Computer science) -- Periodicals
Ingénierie -- Informatique -- Périodiques
Intelligence artificielle -- Périodiques
Systèmes experts (Informatique) -- Périodiques
Artificial intelligence
Engineering -- Data processing
Expert systems (Computer science)
Periodicals
620.00285 - Journal URLs:
- http://www.sciencedirect.com/science/journal/09521976 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.engappai.2022.105469 ↗
- Languages:
- English
- ISSNs:
- 0952-1976
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3755.704500
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 24158.xml